Diffstat (limited to 'static/freebsd/man8/certctl.8')
| -rw-r--r-- | static/freebsd/man8/certctl.8 | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/static/freebsd/man8/certctl.8 b/static/freebsd/man8/certctl.8
new file mode 100644
index 00000000..2d38ce02
--- /dev/null
+++ b/static/freebsd/man8/certctl.8
@@ -0,0 +1,168 @@
+.\"
+.\" SPDX-License-Identifier: BSD-2-Clause
+.\"
+.\" Copyright 2018 Allan Jude <allanjude@freebsd.org>
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted providing that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd December 3, 2025
+.Dt CERTCTL 8
+.Os
+.Sh NAME
+.Nm certctl
+.Nd "tool for managing trusted and untrusted TLS certificates"
+.Sh SYNOPSIS
+.Nm
+.Op Fl lv
+.Ic list
+.Nm
+.Op Fl lv
+.Ic untrusted
+.Nm
+.Op Fl BnUv
+.Op Fl D Ar destdir
+.Op Fl M Ar metalog
+.Ic rehash
+.Nm
+.Op Fl nv
+.Ic untrust Ar
+.Nm
+.Op Fl nv
+.Ic trust Ar
+.Sh DESCRIPTION
+The
+.Nm
+utility manages the list of TLS Certificate Authorities that are trusted by
+applications that use OpenSSL.
+.Pp
+The following options are available:
+.Bl -tag -width 4n
+.It Fl B
+Do not generate a bundle.
+This option is only valid in conjunction with the
+.Ic rehash
+command.
+.It Fl D Ar destdir
+Specify the DESTDIR (overriding values from the environment).
+.It Fl d Ar distbase
+Specify the DISTBASE (overriding values from the environment).
+.It Fl l
+When listing installed (trusted or untrusted) certificates, show the
+full path and distinguished name for each certificate.
+.It Fl M Ar metalog
+Specify the path of the METALOG file
+.Po
+default:
+.Pa ${DESTDIR}/METALOG
+.Pc .
+This option is only valid in conjunction with the
+.Ic rehash
+command.
+.It Fl n
+Dry-run mode.
+Do not actually perform any actions except write the metalog.
+.It Fl v
+Verbose mode.
+Print detailed information about each action taken.
+.It Fl U
+Unprivileged mode.
+Do not attempt to set the ownership of created files.
+This option is only valid in conjunction with the
+.Fl M
+option and the
+.Ic rehash
+command.
+.El
+.Pp
+Primary command functions:
+.Bl -tag -width untrusted
+.It Ic list
+List all currently trusted certificates.
+.It Ic untrusted
+List all currently untrusted certificates.
+.It Ic rehash
+Rebuild the list of trusted certificates by scanning all directories
+in
+.Ev TRUSTPATH
+and all untrusted certificates in
+.Ev UNTRUSTPATH .
+A copy of each trusted certificate is placed in
+.Ev TRUSTDESTDIR
+and each untrusted certificate in
+.Ev UNTRUSTDESTDIR .
+In addition, a bundle containing the trusted certificates is placed in
+.Ev BUNDLE .
+.It Ic untrust
+Add the specified file to the untrusted list.
+.It Ic trust
+Remove the specified file from the untrusted list.
+.El
+.Sh ENVIRONMENT
+.Bl -tag -width UNTRUSTDESTDIR
+.It Ev DESTDIR
+Absolute path to an alternate destination directory to operate on
+instead of the file system root, e.g.
+.Dq Li /tmp/install .
+.It Ev DISTBASE
+Additional path component to include when operating on certificate directories.
+This must start with a slash, e.g.
+.Dq Li /base .
+.It Ev LOCALBASE
+Location for local programs.
+Defaults to the value of the user.localbase sysctl which is usually
+.Pa /usr/local .
+.It Ev TRUSTPATH
+List of paths to search for trusted certificates.
+Default:
+.Pa ${DESTDIR}${DISTBASE}/usr/share/certs/trusted
+.Pa ${DESTDIR}${LOCALBASE}/share/certs/trusted
+.Pa ${DESTDIR}${LOCALBASE}/share/certs
+.It Ev UNTRUSTPATH
+List of paths to search for untrusted certificates.
+Default:
+.Pa ${DESTDIR}${DISTBASE}/usr/share/certs/untrusted
+.Pa ${DESTDIR}${LOCALBASE}/share/certs/untrusted
+.It Ev TRUSTDESTDIR
+Destination directory for symbolic links to trusted certificates.
+Default:
+.Pa ${DESTDIR}${DISTBASE}/etc/ssl/certs
+.It Ev UNTRUSTDESTDIR
+Destination directory for symbolic links to untrusted certificates.
+Default:
+.Pa ${DESTDIR}${DISTBASE}/etc/ssl/untrusted
+.It Ev BUNDLE
+File name of bundle to produce.
+Default:
+.Pa ${DESTDIR}${DISTBASE}/etc/ssl/cert.pem
+.El
+.Sh SEE ALSO
+.Xr openssl 1
+.Sh HISTORY
+.Nm
+first appeared in
+.Fx 12.2 .
+.Sh AUTHORS
+.An -nosplit
+The original shell implementation was written by
+.An Allan Jude Aq Mt allanjude@FreeBSD.org .
+The current C implementation was written by
+.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org . |
